From 08a77c4486da8c773cc82b14a8988a6370a1b735 Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Wed, 25 Jun 2025 06:11:29 +0000 Subject: [PATCH] Add latest changes from gitlab-org/gitlab@master --- Gemfile | 4 +- Gemfile.checksum | 18 ++--- Gemfile.lock | 8 +-- Gemfile.next.checksum | 18 ++--- Gemfile.next.lock | 8 +-- .../pages/projects/blob/show/index.js | 45 ++++++++++++- .../wiki_notes/components/note_actions.vue | 17 +++-- app/helpers/blob_helper.rb | 1 + app/views/projects/blob/_blob.html.haml | 4 +- doc/.vale/gitlab_base/Uppercase.yml | 2 + doc/user/application_security/sast/_index.md | 8 ++- .../compliance_standards.md | 65 +++++++++++++++++++ gems/gitlab-backup-cli/Gemfile.lock | 38 +++++------ .../gitlab-backup-cli.gemspec | 2 +- locale/gitlab.pot | 3 + package.json | 2 +- .../notes/components/note_actions_spec.js | 11 +++- spec/helpers/blob_helper_spec.rb | 1 + yarn.lock | 22 ++----- 19 files changed, 200 insertions(+), 77 deletions(-) diff --git a/Gemfile b/Gemfile index cf196747ab5..465e25298af 100644 --- a/Gemfile +++ b/Gemfile @@ -648,7 +648,9 @@ gem 'gitaly', '~> 18.1.0.pre.rc1', feature_category: :gitaly # KAS GRPC protocol definitions gem 'gitlab-kas-grpc', '~> 18.1.0', feature_category: :deployment_management -gem 'grpc', '~> 1.72.0', feature_category: :shared +# Lock until 1.74.0 is available +# https://gitlab.com/gitlab-com/gl-infra/production/-/issues/20067 +gem 'grpc', '= 1.63.0', feature_category: :shared gem 'google-protobuf', '~> 3.25', '>= 3.25.3', feature_category: :shared diff --git a/Gemfile.checksum b/Gemfile.checksum index 1806d5d1999..e0a11109495 100644 --- a/Gemfile.checksum +++ b/Gemfile.checksum 
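Review bot: The new `gem 'grpc', '= 1.63.0'` line is a downgrade of nine minor releases from the `~> 1.72.0` constraint it replaces, and the comment above it gives the operational reason but not the dependency-security consequence of going that far back. Before this lands, the change should be accompanied by a check that 1.63.0 has no open advisories against it, and the comment should say so, because an exact `=` pin also stops Bundler from ever picking up a 1.63.x patch release. A second comment line such as `# Exact pin: re-check advisories before extending; revert once 1.74.0 is available` would record that. The same pin is repeated in `gems/gitlab-backup-cli/gitlab-backup-cli.gemspec` and in every generated lockfile, so they need to be reverted together when the linked issue closes.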
@@ -294,15 +294,15 @@
 {"name":"graphlyte","version":"1.0.0","platform":"ruby","checksum":"b5af4ab67dde6e961f00ea1c18f159f73b52ed11395bb4ece297fe628fa1804d"},
 {"name":"graphql","version":"2.4.13","platform":"ruby","checksum":"fb1db6e9e24c93c995f8083d66ec65ea70991aa2b68da1b15a360b418af5aa9d"},
 {"name":"graphql-docs","version":"5.0.0","platform":"ruby","checksum":"76baca6e5a803a4b6a9fbbbfdbf16742b7c4c546c8592b6e1a7aa4e79e562d04"},
-{"name":"grpc","version":"1.72.0","platform":"aarch64-linux","checksum":"4c739fcd66f446d2eb3816a405da0f27c6004902f3a7d46d0de378da1d242009"},
-{"name":"grpc","version":"1.72.0","platform":"arm64-darwin","checksum":"91d5d5b8fa19f8f8053b0eceb43985134b40a1f18c56798a00c438d2d70f652a"},
-{"name":"grpc","version":"1.72.0","platform":"ruby","checksum":"56fa0da2f4f96471f59430a9ef08a612cc77649e8fa118c83ae7d0bb619bea09"},
-{"name":"grpc","version":"1.72.0","platform":"x64-mingw-ucrt","checksum":"ba538fa075b9564a61b153e2ad65c5d3ef506854688ccc73b05701bfb1aabf1d"},
-{"name":"grpc","version":"1.72.0","platform":"x64-mingw32","checksum":"68be646a6ddadc4372e1e36b67d910a5ae3582c0103e0a086fe9b0344e3f57c5"},
-{"name":"grpc","version":"1.72.0","platform":"x86-linux","checksum":"865d16bef67b61cf0c51a77421c6659cff16ed4641a46342ea5c058f041e8127"},
-{"name":"grpc","version":"1.72.0","platform":"x86-mingw32","checksum":"92669eae272d78749351e61405e057dbfff2abddd3e2a25f1689e9ff230efad4"},
-{"name":"grpc","version":"1.72.0","platform":"x86_64-darwin","checksum":"198b5e3eecea88f29e41415db9168bcd1a821763967adc6299bf4946c5137a36"},
-{"name":"grpc","version":"1.72.0","platform":"x86_64-linux","checksum":"3662b40cb1cddce5fb33ae61016138d8dd905523db7d65ad664e6f5ea5354360"},
+{"name":"grpc","version":"1.63.0","platform":"aarch64-linux","checksum":"dc75c5fd570b819470781d9512105dddfdd11d984f38b8e60bb946f92d1f79ee"},
+{"name":"grpc","version":"1.63.0","platform":"arm64-darwin","checksum":"91b93a354508a9d1772f095554f2e4c04358c2b32d7a670e3705b7fc4695c996"},
+{"name":"grpc","version":"1.63.0","platform":"ruby","checksum":"5f4383c4ee2886e92c31b90422261b7527f26e3baa585d877e9804e715983686"}, +{"name":"grpc","version":"1.63.0","platform":"x64-mingw-ucrt","checksum":"bbca63f19b45cca5a485f5c5eb363a8684d23a6d0c3421bde5e72e6227291488"}, +{"name":"grpc","version":"1.63.0","platform":"x64-mingw32","checksum":"fb6251f497c8327eda92c4af293ec07fcaec4ffaa2514d3942a7c31406bfaf5b"}, +{"name":"grpc","version":"1.63.0","platform":"x86-linux","checksum":"152140fa2c28e384d3c1ded454a66d5e22fb2ff1d2920c2ef2530b2d707de6fd"}, +{"name":"grpc","version":"1.63.0","platform":"x86-mingw32","checksum":"eed13225b08e705421fef9d986de6c2310ec692df1d80f7a4d407de7c1f98525"}, +{"name":"grpc","version":"1.63.0","platform":"x86_64-darwin","checksum":"a814414ff178e89ee3ad0cc2a826ce1ca96c68063effb81affe3e5ceff7b44cc"}, +{"name":"grpc","version":"1.63.0","platform":"x86_64-linux","checksum":"41a90a597f44959c8dbb94619db2b0c0939a768569a5dfad41fffa227eb1287d"}, {"name":"grpc-google-iam-v1","version":"1.5.0","platform":"ruby","checksum":"cea356d150dac69751f6a4c71f1571c8022c69d9f4ce9c18139200932c19374e"}, {"name":"grpc_reflection","version":"0.1.1","platform":"ruby","checksum":"bc47df12f794a407633b5a9eb27fd95118a78d701c325256fff3c9e50819097b"}, {"name":"gssapi","version":"1.3.1","platform":"ruby","checksum":"c51cf30842ee39bd93ce7fc33e20405ff8a04cda9dec6092071b61258284aee1"}, diff --git a/Gemfile.lock b/Gemfile.lock index c09779c44bd..e6b3ceef409 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -54,7 +54,7 @@ PATH google-cloud-storage_transfer (~> 1.2.0) google-protobuf (~> 3.25, >= 3.25.3) googleauth (~> 1.8.1) - grpc (~> 1.72.0) + grpc (= 1.63.0) json (~> 2.7) jwt (~> 2.5) logger (~> 1.5) 
@@ -968,8 +968,8 @@ GEM graphql (~> 2.0) html-pipeline (~> 2.14, >= 2.14.3) sass-embedded (~> 1.58) - grpc (1.72.0) - google-protobuf (>= 3.25, < 5.0) + grpc (1.63.0) + google-protobuf (~> 3.25) googleapis-common-protos-types (~> 1.0) grpc-google-iam-v1 (1.5.0) google-protobuf (~> 3.18) @@ -2216,7 +2216,7 @@ DEPENDENCIES graphlyte (~> 1.0.0) graphql (= 2.4.13) graphql-docs (~> 5.0.0) - grpc (~> 1.72.0) + grpc (= 1.63.0) gssapi (~> 1.3.1) guard-rspec haml_lint (~> 0.58) diff --git a/Gemfile.next.checksum b/Gemfile.next.checksum index 495a99c64f1..f7b12c3c5eb 100644 --- a/Gemfile.next.checksum +++ b/Gemfile.next.checksum 
@@ -294,15 +294,15 @@
 {"name":"graphlyte","version":"1.0.0","platform":"ruby","checksum":"b5af4ab67dde6e961f00ea1c18f159f73b52ed11395bb4ece297fe628fa1804d"},
 {"name":"graphql","version":"2.4.13","platform":"ruby","checksum":"fb1db6e9e24c93c995f8083d66ec65ea70991aa2b68da1b15a360b418af5aa9d"},
 {"name":"graphql-docs","version":"5.0.0","platform":"ruby","checksum":"76baca6e5a803a4b6a9fbbbfdbf16742b7c4c546c8592b6e1a7aa4e79e562d04"},
-{"name":"grpc","version":"1.72.0","platform":"aarch64-linux","checksum":"4c739fcd66f446d2eb3816a405da0f27c6004902f3a7d46d0de378da1d242009"},
-{"name":"grpc","version":"1.72.0","platform":"arm64-darwin","checksum":"91d5d5b8fa19f8f8053b0eceb43985134b40a1f18c56798a00c438d2d70f652a"},
-{"name":"grpc","version":"1.72.0","platform":"ruby","checksum":"56fa0da2f4f96471f59430a9ef08a612cc77649e8fa118c83ae7d0bb619bea09"},
-{"name":"grpc","version":"1.72.0","platform":"x64-mingw-ucrt","checksum":"ba538fa075b9564a61b153e2ad65c5d3ef506854688ccc73b05701bfb1aabf1d"},
-{"name":"grpc","version":"1.72.0","platform":"x64-mingw32","checksum":"68be646a6ddadc4372e1e36b67d910a5ae3582c0103e0a086fe9b0344e3f57c5"},
-{"name":"grpc","version":"1.72.0","platform":"x86-linux","checksum":"865d16bef67b61cf0c51a77421c6659cff16ed4641a46342ea5c058f041e8127"},
-{"name":"grpc","version":"1.72.0","platform":"x86-mingw32","checksum":"92669eae272d78749351e61405e057dbfff2abddd3e2a25f1689e9ff230efad4"},
-{"name":"grpc","version":"1.72.0","platform":"x86_64-darwin","checksum":"198b5e3eecea88f29e41415db9168bcd1a821763967adc6299bf4946c5137a36"},
-{"name":"grpc","version":"1.72.0","platform":"x86_64-linux","checksum":"3662b40cb1cddce5fb33ae61016138d8dd905523db7d65ad664e6f5ea5354360"},
+{"name":"grpc","version":"1.63.0","platform":"aarch64-linux","checksum":"dc75c5fd570b819470781d9512105dddfdd11d984f38b8e60bb946f92d1f79ee"},
+{"name":"grpc","version":"1.63.0","platform":"arm64-darwin","checksum":"91b93a354508a9d1772f095554f2e4c04358c2b32d7a670e3705b7fc4695c996"},
+{"name":"grpc","version":"1.63.0","platform":"ruby","checksum":"5f4383c4ee2886e92c31b90422261b7527f26e3baa585d877e9804e715983686"}, +{"name":"grpc","version":"1.63.0","platform":"x64-mingw-ucrt","checksum":"bbca63f19b45cca5a485f5c5eb363a8684d23a6d0c3421bde5e72e6227291488"}, +{"name":"grpc","version":"1.63.0","platform":"x64-mingw32","checksum":"fb6251f497c8327eda92c4af293ec07fcaec4ffaa2514d3942a7c31406bfaf5b"}, +{"name":"grpc","version":"1.63.0","platform":"x86-linux","checksum":"152140fa2c28e384d3c1ded454a66d5e22fb2ff1d2920c2ef2530b2d707de6fd"}, +{"name":"grpc","version":"1.63.0","platform":"x86-mingw32","checksum":"eed13225b08e705421fef9d986de6c2310ec692df1d80f7a4d407de7c1f98525"}, +{"name":"grpc","version":"1.63.0","platform":"x86_64-darwin","checksum":"a814414ff178e89ee3ad0cc2a826ce1ca96c68063effb81affe3e5ceff7b44cc"}, +{"name":"grpc","version":"1.63.0","platform":"x86_64-linux","checksum":"41a90a597f44959c8dbb94619db2b0c0939a768569a5dfad41fffa227eb1287d"}, {"name":"grpc-google-iam-v1","version":"1.5.0","platform":"ruby","checksum":"cea356d150dac69751f6a4c71f1571c8022c69d9f4ce9c18139200932c19374e"}, {"name":"grpc_reflection","version":"0.1.1","platform":"ruby","checksum":"bc47df12f794a407633b5a9eb27fd95118a78d701c325256fff3c9e50819097b"}, {"name":"gssapi","version":"1.3.1","platform":"ruby","checksum":"c51cf30842ee39bd93ce7fc33e20405ff8a04cda9dec6092071b61258284aee1"}, diff --git a/Gemfile.next.lock b/Gemfile.next.lock index 53c44e69e65..06569ffc68f 100644 --- a/Gemfile.next.lock +++ b/Gemfile.next.lock @@ -54,7 +54,7 @@ PATH google-cloud-storage_transfer (~> 1.2.0) google-protobuf (~> 3.25, >= 3.25.3) googleauth (~> 1.8.1) - grpc (~> 1.72.0) + grpc (= 1.63.0) json (~> 2.7) jwt (~> 2.5) logger (~> 1.5) 
@@ -962,8 +962,8 @@ GEM graphql (~> 2.0) html-pipeline (~> 2.14, >= 2.14.3) sass-embedded (~> 1.58) - grpc (1.72.0) - google-protobuf (>= 3.25, < 5.0) + grpc (1.63.0) + google-protobuf (~> 3.25) googleapis-common-protos-types (~> 1.0) grpc-google-iam-v1 (1.5.0) google-protobuf (~> 3.18) @@ -2211,7 +2211,7 @@ DEPENDENCIES graphlyte (~> 1.0.0) graphql (= 2.4.13) graphql-docs (~> 5.0.0) - grpc (~> 1.72.0) + grpc (= 1.63.0) gssapi (~> 1.3.1) guard-rspec haml_lint (~> 0.58) diff --git a/app/assets/javascripts/pages/projects/blob/show/index.js b/app/assets/javascripts/pages/projects/blob/show/index.js index b042a113fd0..c6530d19889 100644 --- a/app/assets/javascripts/pages/projects/blob/show/index.js +++ b/app/assets/javascripts/pages/projects/blob/show/index.js @@ -30,6 +30,9 @@ import { initFindFileShortcut } from '~/projects/behaviors'; import initHeaderApp from '~/repository/init_header_app'; import createRouter from '~/repository/router'; import initFileTreeBrowser from '~/repository/file_tree_browser'; +import LastCommit from '~/repository/components/last_commit.vue'; +import projectPathQuery from '~/repository/queries/project_path.query.graphql'; +import refsQuery from '~/repository/queries/ref.query.graphql'; import PerformancePlugin from '~/performance/vue_performance_plugin'; 
@@ -76,6 +79,31 @@ const initRefSwitcher = () => { }); }; +const initLastCommitApp = (router) => { + const lastCommitEl = document.getElementById('js-last-commit'); + if (!lastCommitEl) return null; + + return new Vue({ + el: lastCommitEl, + router, + apolloProvider, + render(h) { + const historyUrl = generateHistoryUrl( + lastCommitEl.dataset.historyLink, + this.$route.params.path, + this.$route.meta.refType || this.$route.query.ref_type, + ); + return h(LastCommit, { + props: { + currentPath: this.$route.params.path, + refType: this.$route.meta.refType || this.$route.query.ref_type, + historyUrl: historyUrl.href, + }, + }); + }, + }); +}; + initRefSwitcher(); initAmbiguousRefModal(); initFindFileShortcut(); @@ -90,12 +118,27 @@ if (viewBlobEl) { userId, explainCodeAvailable, refType, + escapedRef, canDownloadCode, fullName, ...dataset } = viewBlobEl.dataset; + + apolloProvider.clients.defaultClient.cache.writeQuery({ + query: projectPathQuery, + data: { + projectPath, + }, + }); + + apolloProvider.clients.defaultClient.cache.writeQuery({ + query: refsQuery, + data: { ref: originalBranch, escapedRef }, + }); + const router = createRouter(projectPath, originalBranch, fullName); - initFileTreeBrowser(router, { projectPath, ref: originalBranch, refType }); + initFileTreeBrowser(router, { projectPath, ref: originalBranch, refType }, apolloProvider); + initLastCommitApp(router); initHeaderApp({ router, isBlobView: true }); diff --git a/app/assets/javascripts/wikis/wiki_notes/components/note_actions.vue b/app/assets/javascripts/wikis/wiki_notes/components/note_actions.vue index 25195c7da48..dfca27620af 100644 --- a/app/assets/javascripts/wikis/wiki_notes/components/note_actions.vue +++ b/app/assets/javascripts/wikis/wiki_notes/components/note_actions.vue 
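Review bot: In `initLastCommitApp` the expression `this.$route.meta.refType || this.$route.query.ref_type` is evaluated twice inside `render`, and its second operand is whatever the URL query string carries, so an unvalidated `ref_type` flows into both `generateHistoryUrl` and the `refType` prop. Hoisting it to one local, `const refType = this.$route.meta.refType || this.$route.query.ref_type;`, and passing `refType` to both call sites removes the duplication; if `generateHistoryUrl` (defined outside this hunk) interpolates the value into the link, it should also be restricted to the known ref types before use. The function silently returns `null` when `#js-last-commit` is absent, which is reasonable, but a one-line comment saying the element is rendered by `app/views/projects/blob/_blob.html.haml` would make the contract findable.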
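Review bot: The second `writeQuery` seeds the `refsQuery` cache entry with `escapedRef` taken directly from `viewBlobEl.dataset`, and nothing checks that the `data-escaped-ref` attribute was actually rendered; if it is missing, Apollo receives `escapedRef: undefined`, which is a missing-field write rather than a failure at this line, and the problem would surface later in whatever reads `refsQuery` (presumably the file tree browser, given the new `apolloProvider` argument to `initFileTreeBrowser`). A short comment above the two cache writes documenting that they pre-populate `projectPath` and `ref`/`escapedRef` for the child apps, and that `escapedRef` is produced server-side by `BlobHelper` (`escaped_ref`), would make the coupling explicit; a safe fallback is not obvious from this hunk, so at minimum log when the attribute is absent. The enclosing `if (viewBlobEl)` block starts before the hunk.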
@@ -10,7 +10,7 @@ import { __, sprintf } from '~/locale'; import EmojiPicker from '~/emoji/components/picker.vue'; import AbuseCategorySelector from '~/abuse_reports/components/abuse_category_selector.vue'; import UserAccessRoleBadge from '~/vue_shared/components/user_access_role_badge.vue'; -import { WIKI_CONTAINER_TYPE } from '../../constants'; +import { WIKI_CONTAINER_TYPE } from '~/wikis/constants'; export default { i18n: { @@ -85,16 +85,21 @@ export default { return true; }, showMemberBadge() { - return this.containerType === WIKI_CONTAINER_TYPE.PROJECT && this.accessLevel; + return Boolean(this.accessLevel); }, showAuthorBadge() { return this.authorEmails.includes(this.pageAuthorEmail); }, displayMemberBadgeText() { - return sprintf(__('This user has the %{access} role in the %{name} project.'), { - access: this.accessLevel.toLowerCase(), - name: this.containerName, - }); + return sprintf( + this.containerType === WIKI_CONTAINER_TYPE.PROJECT + ? __('This user has the %{access} role in the %{name} project.') + : __('This user has the %{access} role in the %{name} group.'), + { + access: this.accessLevel.toLowerCase(), + name: this.containerName, + }, + ); }, }, methods: { diff --git a/app/helpers/blob_helper.rb b/app/helpers/blob_helper.rb index b8fefaa3e9b..9340af64a35 100644 --- a/app/helpers/blob_helper.rb +++ b/app/helpers/blob_helper.rb @@ -295,6 +295,7 @@ module BlobHelper user_id: current_user.present? ? current_user.to_global_id : '', target_branch: selected_branch, original_branch: ref, + escaped_ref: ActionDispatch::Journey::Router::Utils.escape_path(ref), can_download_code: can?(current_user, :download_code, project).to_s, full_name: project.name_with_namespace } diff --git a/app/views/projects/blob/_blob.html.haml b/app/views/projects/blob/_blob.html.haml index ee9d2fe73e1..e8ce8ae3abd 100644 --- a/app/views/projects/blob/_blob.html.haml +++ b/app/views/projects/blob/_blob.html.haml 
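Review bot: `displayMemberBadgeText` now picks the group wording for any container type other than `WIKI_CONTAINER_TYPE.PROJECT`, while `showMemberBadge` no longer looks at the container type at all, so if `WIKI_CONTAINER_TYPE` ever gains a third value the badge would render with the wrong sentence. An explicit comparison against the group constant (whatever name it has in `~/wikis/constants`) rather than a project/else split would fail closed, and extracting the chosen string into a local before the `sprintf(` call would also make the computed property easier to read, e.g. `const message = this.containerType === WIKI_CONTAINER_TYPE.PROJECT ? __('…project.') : __('…group.');` followed by `return sprintf(message, { … });`. The `computed` object these methods belong to starts before the hunk.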
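Review bot: The new `escaped_ref:` entry calls `ActionDispatch::Journey::Router::Utils.escape_path`, which lives in Rails' internal `Journey` namespace rather than a documented public API, so this view-data contract can break on a Rails upgrade without any deprecation warning. A comment recording why the ref is path-escaped here and which consumer depends on the exact encoding would help, e.g. `# Path-escaped ref for the frontend Apollo ref cache (see blob/show/index.js); encoding must match what the router expects`. The helper method starts outside the hunk, so I cannot see whether `ref` is guaranteed non-nil at this point; if it is not, `escape_path(nil)` would likely raise where `original_branch: ref` on the line above would not.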
@@ -12,9 +12,7 @@ #js-fork-info{ data: vue_fork_divergence_data(project, ref) } .info-well - .well-segment - %ul.blob-commit-info - = render 'projects/commits/commit', commit: @last_commit, project: @project, ref: @ref, show_legacy_ci_icon: false, is_blob_page: true + #js-last-commit{ data: { history_link: project_commits_path(project, ref)} } .gl-hidden.sm:gl-block - if project.licensed_feature_available?(:code_owners) diff --git a/doc/.vale/gitlab_base/Uppercase.yml b/doc/.vale/gitlab_base/Uppercase.yml index e779e9c5d33..488c974ca0c 100644 --- a/doc/.vale/gitlab_base/Uppercase.yml +++ b/doc/.vale/gitlab_base/Uppercase.yml @@ -122,7 +122,9 @@ exceptions: - IIS - IMAP - IOPS + - IRAP - IRC + - ISM - ISMAP - ISO - JPEG diff --git a/doc/user/application_security/sast/_index.md b/doc/user/application_security/sast/_index.md index 740cc12eec6..42b92de987d 100644 --- a/doc/user/application_security/sast/_index.md +++ b/doc/user/application_security/sast/_index.md 
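Review bot: The `#js-last-commit{ data: { history_link: project_commits_path(project, ref)} }` line replaces the server-rendered commit row with an empty mount point, so the last-commit information now disappears entirely until the Vue app mounts, and nothing in the hunk provides fallback content if the script fails to load. If that trade-off is accepted, consider at least a placeholder or skeleton inside the element so the layout does not shift on mount. The closing braces also differ from the `#js-fork-info{ data: … }` line above it: `#js-last-commit{ data: { history_link: project_commits_path(project, ref) } }`.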
@@ -1083,7 +1083,13 @@ When using the Semgrep-based analyzer, the following options are also available: - Ignore a line of code for specific rule - add `// nosemgrep: RULE_ID` comment at the end of the line (the prefix is according to the development language). -- Ignore a file or directory - create a `.semgrepignore` file in your repository's root directory or your project's working directory and add patterns for files and folders there. +- Ignore a file or directory - create a `.semgrepignore` file in your repository's root directory or your project's working directory and add patterns for files and folders there. GitLab Semgrep analyzer automatically merges your custom `.semgrepignore` file with [GitLab built-in ignore patterns](https://gitlab.com/gitlab-org/security-products/analyzers/semgrep/-/blob/abcea7419961320f9718a2f24fe438cc1a7f8e08/semgrepignore). + +{{< alert type="note" >}} + +The Semgrep analyzer does not respect `.gitignore` files. Files listed in `.gitignore` are analyzed unless explicitly excluded by using `.semgrepignore` or `SAST_EXCLUDED_PATHS`. + +{{< /alert >}} For more details see [Semgrep documentation](https://semgrep.dev/docs/ignoring-files-folders-code). diff --git a/doc/user/compliance/compliance_frameworks/compliance_standards.md b/doc/user/compliance/compliance_frameworks/compliance_standards.md index 15f156b7877..4f54448dd8e 100644 --- a/doc/user/compliance/compliance_frameworks/compliance_standards.md +++ b/doc/user/compliance/compliance_frameworks/compliance_standards.md 
@@ -81,6 +81,71 @@ The following table lists the requirements supported by GitLab for FedRAMP High | SA-11(1): Static Code Analysis | Require the developer of the system, system component, or system service to employ static code analysis tools to identify common flaws and document the results of the analysis. | | | SA-11(8): Dynamic Code Analysis | Require the developer of the system, system component, or system service to employ dynamic code analysis tools to identify common flaws and document the results of the analysis. | | +## IRAP compliance requirements + +IRAP is the Infosec Registered Assessors Program. Controls are available for IRAP Official, IRAP Protected, IRAP Secret, +and IRAP Top Secret. + +### IRAP Official + +| IRAP Official requirement | Description | Supported controls | +|:----------------------------------------------------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-------------------| +| ISM-0402 Application security testing | Applications are comprehensively tested for vulnerabilities, using static application security testing and dynamic application security testing, prior to their initial release and any subsequent releases. 
| | +| ISM-1163 Continuous monitoring plan | Systems have a continuous monitoring plan that includes: conducting vulnerability scans for systems at least fortnightly, conducting vulnerability assessments and penetration tests for systems prior to deployment, including prior to deployment of significant changes, and at least annually thereafter, analysing identified vulnerabilities to determine their potential impact, and implementing mitigations based on risk, effectiveness and cost. | | +| ISM-1422 Development, testing and production environments | Unauthorised access to the authoritative source for software is prevented. | | +| ISM-1698 Scanning for unmitigated vulnerabilities | A vulnerability scanner is used at least daily to identify missing patches or updates for vulnerabilities in online services. | | +| ISM-1700 Scanning for unmitigated vulnerabilities | A vulnerability scanner is used at least fortnightly to identify missing patches or updates for vulnerabilities in applications other than office productivity suites, web browsers and their extensions, email clients, PDF software, and security products. | | +| ISM-1701 Scanning for unmitigated vulnerabilities | A vulnerability scanner is used at least daily to identify missing patches or updates for vulnerabilities in operating systems of internet-facing servers and internet-facing network devices. | | +| ISM-1702 Scanning for unmitigated vulnerabilities | A vulnerability scanner is used at least fortnightly to identify missing patches or updates for vulnerabilities in operating systems of workstations, non-internet-facing servers and non-internet-facing network devices. | | +| ISM-1808 Scanning for unmitigated vulnerabilities | A vulnerability scanner with an up-to-date vulnerability database is used for vulnerability scanning activities. | | +| ISM-1816 Development, testing and production environments | Unauthorised modification of the authoritative source for software is prevented. 
| | +| ISM-1875 Protecting credentials | Networks are scanned at least monthly to identify any credentials that are being stored in the clear. | | + +### IRAP Protected + +| IRAP Protected requirement | Description | Supported controls | +|:----------------------------------------------------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-------------------| +| ISM-0402 Application security testing | Applications are comprehensively tested for vulnerabilities, using static application security testing and dynamic application security testing, prior to their initial release and any subsequent releases. | | +| ISM-1163 Continuous monitoring plan | Systems have a continuous monitoring plan that includes: conducting vulnerability scans for systems at least fortnightly, conducting vulnerability assessments and penetration tests for systems prior to deployment, including prior to deployment of significant changes, and at least annually thereafter, analysing identified vulnerabilities to determine their potential impact, and implementing mitigations based on risk, effectiveness and cost. | | +| ISM-1422 Development, testing and production environments | Unauthorised access to the authoritative source for software is prevented. | | +| ISM-1698 Scanning for unmitigated vulnerabilities | A vulnerability scanner is used at least daily to identify missing patches or updates for vulnerabilities in online services. 
| | +| ISM-1700 Scanning for unmitigated vulnerabilities | A vulnerability scanner is used at least fortnightly to identify missing patches or updates for vulnerabilities in applications other than office productivity suites, web browsers and their extensions, email clients, PDF software, and security products. | | +| ISM-1701 Scanning for unmitigated vulnerabilities | A vulnerability scanner is used at least daily to identify missing patches or updates for vulnerabilities in operating systems of internet-facing servers and internet-facing network devices. | | +| ISM-1702 Scanning for unmitigated vulnerabilities | A vulnerability scanner is used at least fortnightly to identify missing patches or updates for vulnerabilities in operating systems of workstations, non-internet-facing servers and non-internet-facing network devices. | | +| ISM-1808 Scanning for unmitigated vulnerabilities | A vulnerability scanner with an up-to-date vulnerability database is used for vulnerability scanning activities. | | +| ISM-1816 Development, testing and production environments | Unauthorised modification of the authoritative source for software is prevented. | | +| ISM-1875 Protecting credentials | Networks are scanned at least monthly to identify any credentials that are being stored in the clear. 
| | + +### IRAP Secret + +| IRAP Secret requirement | Description | Supported controls | +|:----------------------------------------------------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-------------------| +| ISM-0402 Application security testing | Applications are comprehensively tested for vulnerabilities, using static application security testing and dynamic application security testing, prior to their initial release and any subsequent releases. | | +| ISM-1163 Continuous monitoring plan | Systems have a continuous monitoring plan that includes: conducting vulnerability scans for systems at least fortnightly, conducting vulnerability assessments and penetration tests for systems prior to deployment, including prior to deployment of significant changes, and at least annually thereafter, analysing identified vulnerabilities to determine their potential impact, and implementing mitigations based on risk, effectiveness and cost. | | +| ISM-1422 Development, testing and production environments | Unauthorised access to the authoritative source for software is prevented. | | +| ISM-1698 Scanning for unmitigated vulnerabilities | A vulnerability scanner is used at least daily to identify missing patches or updates for vulnerabilities in online services. | | +| ISM-1700 Scanning for unmitigated vulnerabilities | A vulnerability scanner is used at least fortnightly to identify missing patches or updates for vulnerabilities in applications other than office productivity suites, web browsers and their extensions, email clients, PDF software, and security products. 
| | +| ISM-1701 Scanning for unmitigated vulnerabilities | A vulnerability scanner is used at least daily to identify missing patches or updates for vulnerabilities in operating systems of internet-facing servers and internet-facing network devices. | | +| ISM-1702 Scanning for unmitigated vulnerabilities | A vulnerability scanner is used at least fortnightly to identify missing patches or updates for vulnerabilities in operating systems of workstations, non-internet-facing servers and non-internet-facing network devices. | | +| ISM-1808 Scanning for unmitigated vulnerabilities | A vulnerability scanner with an up-to-date vulnerability database is used for vulnerability scanning activities. | | +| ISM-1816 Development, testing and production environments | Unauthorised modification of the authoritative source for software is prevented. | | +| ISM-1875 Protecting credentials | Networks are scanned at least monthly to identify any credentials that are being stored in the clear. | | + +### IRAP Top Secret + +| IRAP Top Secret requirement | Description | Supported controls | +|:----------------------------------------------------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-------------------| +| ISM-0402 Application security testing | Applications are comprehensively tested for vulnerabilities, using static application security testing and dynamic application security testing, prior to their initial release and any subsequent releases. 
| | +| ISM-1163 Continuous monitoring plan | Systems have a continuous monitoring plan that includes: conducting vulnerability scans for systems at least fortnightly, conducting vulnerability assessments and penetration tests for systems prior to deployment, including prior to deployment of significant changes, and at least annually thereafter, analysing identified vulnerabilities to determine their potential impact, and implementing mitigations based on risk, effectiveness and cost. | | +| ISM-1422 Development, testing and production environments | Unauthorised access to the authoritative source for software is prevented. | | +| ISM-1698 Scanning for unmitigated vulnerabilities | A vulnerability scanner is used at least daily to identify missing patches or updates for vulnerabilities in online services. | | +| ISM-1700 Scanning for unmitigated vulnerabilities | A vulnerability scanner is used at least fortnightly to identify missing patches or updates for vulnerabilities in applications other than office productivity suites, web browsers and their extensions, email clients, PDF software, and security products. | | +| ISM-1701 Scanning for unmitigated vulnerabilities | A vulnerability scanner is used at least daily to identify missing patches or updates for vulnerabilities in operating systems of internet-facing servers and internet-facing network devices. | | +| ISM-1702 Scanning for unmitigated vulnerabilities | A vulnerability scanner is used at least fortnightly to identify missing patches or updates for vulnerabilities in operating systems of workstations, non-internet-facing servers and non-internet-facing network devices. | | +| ISM-1808 Scanning for unmitigated vulnerabilities | A vulnerability scanner with an up-to-date vulnerability database is used for vulnerability scanning activities. | | +| ISM-1816 Development, testing and production environments | Unauthorised modification of the authoritative source for software is prevented. 
| | +| ISM-1875 Protecting credentials | Networks are scanned at least monthly to identify any credentials that are being stored in the clear. | | + ## ISMAP compliance requirements The Information system Security Management and Assessment Program (ISMAP) aims to secure the security level of the government's cloud service procurement diff --git a/gems/gitlab-backup-cli/Gemfile.lock b/gems/gitlab-backup-cli/Gemfile.lock index 2eab9dbba6f..690dc5b1d25 100644 --- a/gems/gitlab-backup-cli/Gemfile.lock +++ b/gems/gitlab-backup-cli/Gemfile.lock @@ -19,7 +19,7 @@ PATH google-cloud-storage_transfer (~> 1.2.0) google-protobuf (~> 3.25, >= 3.25.3) googleauth (~> 1.8.1) - grpc (~> 1.72.0) + grpc (= 1.63.0) json (~> 2.7) jwt (~> 2.5) logger (~> 1.5) @@ -106,23 +106,23 @@ GEM multi_json (~> 1.11) os (>= 0.9, < 2.0) signet (>= 0.16, < 2.a) - grpc (1.72.0) - google-protobuf (>= 3.25, < 5.0) + grpc (1.63.0) + google-protobuf (~> 3.25) googleapis-common-protos-types (~> 1.0) - grpc (1.72.0-aarch64-linux) - google-protobuf (>= 3.25, < 5.0) + grpc (1.63.0-aarch64-linux) + google-protobuf (~> 3.25) googleapis-common-protos-types (~> 1.0) - grpc (1.72.0-arm64-darwin) - google-protobuf (>= 3.25, < 5.0) + grpc (1.63.0-arm64-darwin) + google-protobuf (~> 3.25) googleapis-common-protos-types (~> 1.0) - grpc (1.72.0-x86-linux) - google-protobuf (>= 3.25, < 5.0) + grpc (1.63.0-x86-linux) + google-protobuf (~> 3.25) googleapis-common-protos-types (~> 1.0) - grpc (1.72.0-x86_64-darwin) - google-protobuf (>= 3.25, < 5.0) + grpc (1.63.0-x86_64-darwin) + google-protobuf (~> 3.25) googleapis-common-protos-types (~> 1.0) - grpc (1.72.0-x86_64-linux) - google-protobuf (>= 3.25, < 5.0) + grpc (1.63.0-x86_64-linux) + google-protobuf (~> 3.25) googleapis-common-protos-types (~> 1.0) i18n (1.14.5) concurrent-ruby (~> 1.0) 
@@ -262,12 +262,12 @@ CHECKSUMS
 googleapis-common-protos (1.6.0) sha256=d540114a75fd4b34fee936495d28ff7e331d546b7d7ac7898f3b4bb9f13a8d79
 googleapis-common-protos-types (1.15.0) sha256=57b1600c271fa3312096e55a3040d20d2c0f9a5d65d0fde1f16e5cd99bab156b
 googleauth (1.8.1) sha256=814adadaaa1221dce72a67131e3ecbd6d23491a161ec84fb15fd353b87d8c9e7
- grpc (1.72.0) sha256=56fa0da2f4f96471f59430a9ef08a612cc77649e8fa118c83ae7d0bb619bea09
- grpc (1.72.0-aarch64-linux) sha256=4c739fcd66f446d2eb3816a405da0f27c6004902f3a7d46d0de378da1d242009
- grpc (1.72.0-arm64-darwin) sha256=91d5d5b8fa19f8f8053b0eceb43985134b40a1f18c56798a00c438d2d70f652a
- grpc (1.72.0-x86-linux) sha256=865d16bef67b61cf0c51a77421c6659cff16ed4641a46342ea5c058f041e8127
- grpc (1.72.0-x86_64-darwin) sha256=198b5e3eecea88f29e41415db9168bcd1a821763967adc6299bf4946c5137a36
- grpc (1.72.0-x86_64-linux) sha256=3662b40cb1cddce5fb33ae61016138d8dd905523db7d65ad664e6f5ea5354360
+ grpc (1.63.0) sha256=5f4383c4ee2886e92c31b90422261b7527f26e3baa585d877e9804e715983686
+ grpc (1.63.0-aarch64-linux) sha256=dc75c5fd570b819470781d9512105dddfdd11d984f38b8e60bb946f92d1f79ee
+ grpc (1.63.0-arm64-darwin) sha256=91b93a354508a9d1772f095554f2e4c04358c2b32d7a670e3705b7fc4695c996
+ grpc (1.63.0-x86-linux) sha256=152140fa2c28e384d3c1ded454a66d5e22fb2ff1d2920c2ef2530b2d707de6fd
+ grpc (1.63.0-x86_64-darwin) sha256=a814414ff178e89ee3ad0cc2a826ce1ca96c68063effb81affe3e5ceff7b44cc
+ grpc (1.63.0-x86_64-linux) sha256=41a90a597f44959c8dbb94619db2b0c0939a768569a5dfad41fffa227eb1287d
 i18n (1.14.5) sha256=26dcbc05e364b57e27ab430148b3377bc413987d34cc042336271d8f42e9d1b9
 json (2.10.1) sha256=ddc88ad91a1baf3f0038c174f253af3b086d30dc74db17ca4259bbde982f94dc
 jwt (2.8.2) sha256=5a9877315e224d551785560870287267088eedfec02d5239664def148d18bc12
diff --git a/gems/gitlab-backup-cli/gitlab-backup-cli.gemspec b/gems/gitlab-backup-cli/gitlab-backup-cli.gemspec
index 3ed9ee42eb7..bf4311713f6 100644
--- a/gems/gitlab-backup-cli/gitlab-backup-cli.gemspec
+++ b/gems/gitlab-backup-cli/gitlab-backup-cli.gemspec
@@ -40,7 +40,7 @@ Gem::Specification.new do |spec|
 spec.add_dependency "concurrent-ruby", "~> 1.1"
 spec.add_dependency "faraday", "~> 2"
 spec.add_dependency "google-protobuf", "~> 3.25", ">= 3.25.3"
- spec.add_dependency "grpc", "~> 1.72.0"
+ spec.add_dependency "grpc", "= 1.63.0"
 spec.add_dependency "json", "~> 2.7"
 spec.add_dependency "jwt", "~> 2.5"
 spec.add_dependency "logger", "~> 1.5"
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index 70582183293..8a1329fe29e 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -63748,6 +63748,9 @@ msgstr ""
 msgid "This user has previously committed to the %{name} project."
 msgstr ""
+msgid "This user has the %{access} role in the %{name} group."
+msgstr ""
+
 msgid "This user has the %{access} role in the %{name} project."
 msgstr ""
diff --git a/package.json b/package.json
index 100a1ed292c..aeaceede2a3 100644
--- a/package.json
+++ b/package.json
@@ -65,7 +65,7 @@
 "@gitlab/fonts": "^1.3.0",
 "@gitlab/query-language-rust": "0.9.2",
 "@gitlab/svgs": "3.134.0",
- "@gitlab/ui": "114.7.1",
+ "@gitlab/ui": "114.8.1",
 "@gitlab/vue-router-vue3": "npm:vue-router@4.5.1",
 "@gitlab/vuex-vue3": "npm:vuex@4.1.0",
 "@gitlab/web-ide": "^0.0.1-dev-20250618150607",
diff --git a/spec/frontend/wikis/notes/components/note_actions_spec.js b/spec/frontend/wikis/notes/components/note_actions_spec.js
index 382a5e45196..d59057866ad 100644
--- a/spec/frontend/wikis/notes/components/note_actions_spec.js
+++ b/spec/frontend/wikis/notes/components/note_actions_spec.js
@@ -59,7 +59,9 @@ describe('WikiNoteActions', () => {
 describe('when the container is a group', () => {
 beforeEach(() => {
 wrapper = createWrapper(
- {},
+ {
+ accessLevel: 'Owner',
+ },
 {
 containerName: 'test-group',
 containerType: 'group',
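Review bot: `spec.add_dependency "grpc", "= 1.63.0"` pins the backup CLI's runtime dependency to a single exact release and steps it back nine minor versions from the `~> 1.72.0` it replaces, so every consumer of this gem loses whatever was shipped between those releases and cannot pick up a later 1.63.x patch either; an exact pin in a gemspec also propagates to any application that bundles this gem next to another grpc constraint and can make that resolution fail. The line carries no comment saying why the exact pin is needed or when it is expected to be lifted, so a later maintainer has nothing telling them the downgrade is deliberate. I'd record the rationale inline, e.g. `# Exact pin, deliberate downgrade from 1.72.0: see <tracking issue>; loosen once the pin is no longer required`, and have dependency scanning treat the regression as a tracked exception rather than a silent change.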
@@ -67,8 +69,11 @@ describe('WikiNoteActions', () => {
 );
 });
- it('should not render the access level badge', () => {
- expect(findUserAccessRoleBadge().exists()).toBe(false);
+ it('should render the access level badge', () => {
+ expect(findUserAccessRoleBadgeText()).toBe('Owner');
+ expect(findUserAccessRoleBadge().attributes('title')).toBe(
+ 'This user has the owner role in the test-group group.',
+ );
 });
 });
diff --git a/spec/helpers/blob_helper_spec.rb b/spec/helpers/blob_helper_spec.rb
index a77a737253e..83b934fc747 100644
--- a/spec/helpers/blob_helper_spec.rb
+++ b/spec/helpers/blob_helper_spec.rb
@@ -413,6 +413,7 @@ RSpec.describe BlobHelper, feature_category: :source_code_management do
 user_id: user.to_global_id,
 target_branch: ref,
 original_branch: ref,
+ escaped_ref: ActionDispatch::Journey::Router::Utils.escape_path(ref),
 can_download_code: 'false',
 full_name: project.name_with_namespace
 })
diff --git a/yarn.lock b/yarn.lock
index 8b1d509249e..b53f2f06420 100644
--- a/yarn.lock
+++ b/yarn.lock
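Review bot: The added `escaped_ref:` expectation derives its expected value by calling `ActionDispatch::Journey::Router::Utils.escape_path(ref)`, presumably the same call the helper makes, so the example only checks that helper and spec agree, not that the value handed to the page is actually path-escaped; if the `ref` fixture (defined before this hunk) contains no characters that escaping rewrites, the assertion also passes with no escaping at all. I'd add an example whose ref includes characters `escape_path` changes and pin the expected `escaped_ref` as a string literal, so a later switch to a different encoding routine, or to none, fails the spec. The enclosing `it` block starts before this hunk.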
@@ -1338,21 +1338,13 @@
 resolved "https://registry.yarnpkg.com/@fastify/busboy/-/busboy-3.1.1.tgz#af3aea7f1e52ec916d8b5c9dcc0f09d4c060a3fc"
 integrity sha512-5DGmA8FTdB2XbDeEwc/5ZXBl6UbBAyBOOLlPuBnZ/N1SwdH9Ii+cOX3tBROlDgcTXxjOYnLMVoKk9+FXAw0CJw==
-"@floating-ui/core@^1.7.0", "@floating-ui/core@^1.7.1":
+"@floating-ui/core@^1.7.1":
 version "1.7.1"
 resolved "https://registry.yarnpkg.com/@floating-ui/core/-/core-1.7.1.tgz#1abc6b157d4a936174f9dbd078278c3a81c8bc6b"
 integrity sha512-azI0DrjMMfIug/ExbBaeDVJXcY0a7EPvPjb2xAJPa4HeimBX+Z18HK8QQR3jb6356SnDDdxx+hinMLcJEDdOjw==
 dependencies:
 "@floating-ui/utils" "^0.2.9"
-"@floating-ui/dom@1.7.0":
- version "1.7.0"
- resolved "https://registry.yarnpkg.com/@floating-ui/dom/-/dom-1.7.0.tgz#f9f83ee4fee78ac23ad9e65b128fc11a27857532"
- integrity sha512-lGTor4VlXcesUMh1cupTUTDoCxMb0V6bm3CnxHzQcw8Eaf1jQbgQX4i02fYgT0vJ82tb5MZ4CZk1LRGkktJCzg==
- dependencies:
- "@floating-ui/core" "^1.7.0"
- "@floating-ui/utils" "^0.2.9"
-
 "@floating-ui/dom@1.7.1", "@floating-ui/dom@^1.0.0", "@floating-ui/dom@^1.7.1":
 version "1.7.1"
 resolved "https://registry.yarnpkg.com/@floating-ui/dom/-/dom-1.7.1.tgz#76a4e3cbf7a08edf40c34711cf64e0cc8053d912"
@@ -1465,15 +1457,15 @@
 resolved "https://registry.yarnpkg.com/@gitlab/svgs/-/svgs-3.134.0.tgz#d377ed04560e096155e6f2ff96532b32f65f5db9"
 integrity sha512-j80CQRNCdBIF0bykqWHCafYh/NaZg67Z5aZ9Whq28V+Od9l1KTn4Qb1SEd71hRLfDEkFQibdBc4L+CVVR98Q/w==
-"@gitlab/ui@114.7.1":
- version "114.7.1"
- resolved "https://registry.yarnpkg.com/@gitlab/ui/-/ui-114.7.1.tgz#8e6492db172a89b88b0c5716eef56b0c5ad618ba"
- integrity sha512-KeUkxEWDHqYZXpvNzAhVH2lmuO7nilc3vGf/SKq2l/UPvqqOcCiZ61JBQ7J1CrIOQxUDSxLJGe54QVYteAn/OA==
+"@gitlab/ui@114.8.1":
+ version "114.8.1"
+ resolved "https://registry.yarnpkg.com/@gitlab/ui/-/ui-114.8.1.tgz#61edd78c7d4f7a0935efcbb5e916adbc44523412"
+ integrity sha512-sKFl0Ud15vQEMv8ZBsUnyzsk4Lg17qjxYSCPvSUNjBsLfesAxK4JdJNy8X3gulKxXY3n793gtaqbbeIY6Ixmmw==
 dependencies:
- "@floating-ui/dom" "1.7.0"
+ "@floating-ui/dom" "1.7.1"
 echarts "^5.6.0"
 iframe-resizer "^4.3.2"
- lodash "^4.17.20"
+ lodash "^4.17.21"
 popper.js "^1.16.1"
 portal-vue "^2.1.7"
 vue-functional-data-merge "^3.1.0"